ISACA CDPSE exam details and process
They say that privacy is the ultimate luxury, and organizations know that this applies to them. It then comes as no surprise that the demand for data privacy professionals is not only high but often understaffed.
Those looking to expand into a data privacy role and validate their data privacy skills and knowledge will want to consider earning ISACA’s Certified Data Privacy Solutions Engineer (CDPSE) certification.
What is the CDPSE exam?
The CDPSE exam is the certification exam that you have to pass to earn a CDPSE certification. It will test the ability of the certification candidate to implement privacy by design in your organization to enhance its privacy technology platforms/products, advance data privacy, provide privacy-related benefits to the organization and build trust. This exam became a full-fledged certificate on March 31, 2021.
What are the CDPSE exam topics?
The CDPSE contains three domains of knowledge, and each domain includes topics that the certification candidate will need to master:
Domain 1: Privacy governance (governance, management and risk management)
- Identify the internal and external privacy requirements specific to the organization's governance and risk management programs and practices.
- Participate in evaluating privacy policies, programs, and policies for their alignment with legal requirements, regulatory requirements or industry best practices.
- Coordinate or perform privacy impact assessments (PIA) and other privacy-focused assessments.
- Participate in the development of procedures that align with privacy policies and business needs.
- Implement procedures that align with privacy policies.
- Participate in managing and evaluating contracts, service levels and practices of vendors and other external parties.
- Participate in the privacy incident management process.
- Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
- Develop or implement a prioritization process for privacy practices.
- Develop, monitor or report performance metrics and trends related to privacy practices.
- Report on the status and outcomes of privacy programs and practices to relevant stakeholders.
- Participate in privacy training and promote awareness of privacy practices.
- Identify issues requiring remediation and opportunities for process improvement.
Domain 2: Privacy architecture (infrastructure, applications/software and technical privacy controls)
- Coordinate or perform privacy impact assessment (PIA) and other privacy-focused assessments to identify appropriate tracking technologies and technical privacy controls.
- Participate in the development of privacy control procedures that align with privacy policies and business needs.
- Implement procedures related to privacy architecture that aligns with privacy policies.
- Collaborate with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
- Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and considerations.
- Evaluate advancements in privacy-enhancing technologies and changes in the regulatory landscape.
- Identify, validate or implement appropriate privacy and security controls according to data classification procedures.
Domain 3: Data lifecycle (data purpose and data persistence)
- Identify the internal and external privacy requirements relating to the organization's data lifecycle practices.
- Coordinate or perform privacy impact assessments (PIA) and other privacy-focused reviews relating to the organization’s data lifecycle practices.
- Participate in the development of data lifecycle procedures that align with privacy policies and business needs.
- Implement procedures related to the data lifecycle that aligns with privacy policies.
- Collaborate with other practitioners to ensure that privacy programs and practices are followed during the design, development and implementation of systems, applications and infrastructure.
- Evaluate the enterprise architecture and information architecture to ensure it supports privacy by design principles and data lifecycle considerations.
- Identify, validate or implement appropriate privacy and security controls according to data classification procedures.
- Design, implement or monitor processes and procedures to keep the inventory and dataflow records current.
What is the CDPSE exam format?
Those taking the CDPSE certification exam will need to know what the exam format is. Below are the three top questions related to exam format.
What are CDPSE exam questions?
The CDPSE certification exam questions are in the multiple-choice question format. Exam candidates will need to select the best answer for each question.
How long is the CDPSE exam?
CPDSE exam candidates will have three and a half hours to complete the exam.
How many questions are on the CDPSE exam?
There are 120 questions on the CDPSE exam.
How much does the CDPSE exam cost?
ISACA offers two levels of exam fees depending on if you are an ISACA member. Members pay $575, and non-members pay $760. There is also a $50 application processing fee that members and non-members will need to pay.
How to pass the CDPSE exam?
The big question for many will be how do you pass this exam? The CDPSE exam has a total of 800 possible points. You will need to receive at least a score of 450 or higher to pass the certification exam.
How do I get my CDPSE exam results?
You will first see your preliminary exam results display on your screen as soon as you finish the exam. The official CDPSE exam score you earned will be available online and emailed to you within 10 working days. Please note that exam scores will not be available via telephone or fax.
What happens after I pass the CDPSE exam?
After you pass the CDPSE exam, you will receive instructions/details regarding applying for certification.
What happens if I fail the CDPSE exam?
If you fail the CDPSE exam and you would like to retake it, the exam taker will have three retake attempts available. Note that you will need to pay the exam fee for each retake attempt. The breakdown of how that works is below:
- Retake 1: you must wait 30 days from the date of the first exam attempt
- Retake 2: you must wait 90 days from Retake 1
- Retake 3: you must wait 90 days from Retake 2
How to register for the CDPSE exam?
First off, before registration, the exam has a minimum of three years of work experience in data privacy to earn the certification. Once you are ready to register, you will find that the exam registration process is rolling and ongoing, which means you can register at any time, and you can even schedule the exam in as little as 48 hours from the time you register. Registration steps are:
- Log in or create an ISACA account.
- Select your certification exam.
- Accept ISACA’s exam candidate terms and conditions, including conditions covering exam administration, certification rules and release of test results.
- Pay examination fee.
- You will receive a notification to schedule an email within one business day with instructions on scheduling your CDPSE exam.
How do I become CDPSE certified?
Passing the CDPSE exam is just the first step in the certification process. The rest of the steps are:
- Pay the $50 application processing fee.
- Apply to demonstrate that you satisfied the experience requirements.
- Adhere to the Code of Professional Ethics.
- Adhere to the Continuing Professional Education Program
After you pass the exam, you will have five years to apply for certification.
Taking and passing the CDPSE
Data privacy is a high demand and often understaffed information security skill set. The CDPSE certification will verify that you have the skills and knowledge to implement data privacy platforms and products within your organization that it will benefit from as well as build trust in your organization’s data privacy. If you are looking to get ahead in your data privacy career, you may want to consider earning the CDPSE certification.
Sources
- CDPSE Exam Candidate Guide, Isaca